PolarSSL 1.3.4 released

Description

The first feature release for the year 2014: PolarSSL 1.3.4!

It's a small release that mainly just adds support for some new features. PolarSSL 1.3.4 adds some features required within Bitcoin applications, such as support for the RIPEMD-160 hash algorithm and support for Koblitz elliptic curves, and then specifically secp256k1.

Features

On the feature-front this release introduces support for:

Support for Koblitz curves: secp192k1, secp224k1, secp256k1

Support for RIPEMD-160

Support for AES CFB8 mode

Support for deterministic ECDSA (RFC 6979)

In addition outstanding bugs were fixed.

Koblitz curves

Support for three standardized Koblitz curves from RFC 4492 has been added: secp192k1, secp224k1, secp256k1.

RIPEMD-160

The RIPEMD-160 hash function is added in the ripemd160.h and ripemd160.c files and can be enabled with the POLARSSL_RIPEMD160_C flag in config.h.

The MD layer has been updated to support RIPEMD-160 as well.

AES-CFB8 mode

Before PolarSSL 1.3.4, only full-width CFB-mode was supported. That is 128-bit CFB for AES and Camellia. The standard also specifies CFB8 and CFB1 as options. We have now added CFB8 to the AES module as for direct use. It is not yet supported in the cipher layer, but will be added there in the future.

Bug fixes

Fixes include:

Potential memory leak in the Bignum selftest function

Replaced expired test certificate that caused two tests of the test framework to fail

The ssl_mail_client application now terminates lines with CRLF, instead of LF (as per the RFC)